Prying In Britney Spears' Medical Records May Cost Employees' Jobs

Employees of the UCLA Health System may be disciplined for unauthorized access to Britney Spears' patient records during her most recent stay for a mental health evaluation.

Media around the globe reported that Spears was involuntarily hospitalized from Jan. 31 through Feb. 6, so psychiatric staff could determine whether she was a danger to herself or others. During her hospitalization, gossip outlets and traditional news media also reported on her interactions with staff and visitors during her stay.

Now, the Los Angeles Times reports that 25 staff members, including six physicians, could be disciplined for accessing the pop star's records without authorization.

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for securing and protecting patient health information. Hospitals have strict policies against disclosure, with some exceptions for insurance payment and law enforcement investigations. Many health providers refuse to verify that they have treated a particular patient.

UCLA's medical center said it immediately launches investigations into possible confidentiality breaches, but it could not comment on reports that 13 employees could be fired for viewing Spears' medical records. The statement named Spears and said it was the medical center's only response to reports that its staff would be fired over access to the star's records.
"UCLA Health System considers patient confidentiality a critical part of our mission of teaching, research, and patient care," UCLA explained in the statement. "All staff members are required to sign confidentiality agreements as a condition of their employment and complete extensive training on HIPAA-related privacy and security issues. We have stringent policies to protect patient confidentiality and address violations of those policies. When possible confidentiality breaches arise, UCLA immediately launches an investigation and appropriate disciplinary action would then be initiated. Due to the confidential nature of both patient and personnel issues, no further information is available."

According to the Times, which cited an unnamed source familiar with the situation, 13 employees could be fired and six could be suspended, while another six physicians could be disciplined for accessing Spears' medical records.

Despite concerns that electronic health records could threaten patient privacy, statements from the hospital's compliance and privacy chief indicate that computerized records could help pinpoint culprits.

Carole Klove, chief compliance officer, told the Times that employee passwords allow the hospital to monitor employees' computer activity, including what the employee viewed and for how long.

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.

Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.